Subscription to the full report on a daily basis can be obtained:
Send an email to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body: subscribe.
To obtain a complete copy of the current report, proceed to the DHS link below.
To obtain reports more than 10 business days old, send an email to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

Tuesday, December 15, 2015

• Nissan Motor Company Ltd recalled nearly 34,000 model year 2015
Rogue sport utility vehicles December 12 due to a faulty shift selector knob
that can cause the vehicle to unexpectedly move out of the park position. – Associated
Press

2. December 12, Associated Press – (National) Nissan recalling recent Rogue models with shift
defect. Nissan Motor Company Ltd announced the nationwide recall of nearly
34,000 model year 2015 Rogue sport utility vehicles December 12 due to a faulty
shift selector knob that can cause the vehicle to unexpectedly move out of the
park position.

• The Santa Clara Valley Medical Center in San Jose announced
December 13 that 368 parents, 308 employees, and 350 infants were possibly
exposed to tuberculosis at the hospital after an employee was suspected of
having active tuberculosis. – CNN

16. December 13, CNN – (California) 350 infants may have been exposed to
tuberculosis at California hospital. The Santa Clara Valley Medical Center
in San Jose announced December 13 that 368 mothers or parents, 308 employees,
and 350 infants were possibly exposed to tuberculosis at the hospital due to an
employee who was suspected of having active tuberculosis. The employee was
placed on leave in mid-November and officials stated that the risk of infection
is low.

• Security researchers from Bugsec Group and Cynet reported a
flaw, FireStorm, that can exhaust enterprise-grade firewalls and extract data out
of corporate networks via Transmission Control Protocol (TCP) handshakes. – Softpedia
See item 24 below in the Information Technology Sector

• Officials reported that
bomb threats across three States in several malls prompted the evacuation of
thousands of shoppers and prompted mall closures while police crews searched
the buildings for explosive devices December 12. – Reuters

26. December 13, Reuters – (National) Malls in 3 U.S. states evacuated on busy holiday
shopping day. Officials reported that bomb threats across three States in
multiple malls including Largo Mall in Florida, Shops at Riverside in New
Jersey, and the Animas Valley Mall in New Mexico, prompted the evacuation of
thousands of shoppers and prompted mall closures while police crews searched
the buildings for explosive devices December 12. Police found no traces of bomb
devices in the facilities and reopened all the malls. Source: http://www.msn.com/en-us/news/us/malls-in-3-us-states-evacuated-on-busy-holiday-shopping-day/ar-BBntYWu?li=BBnb7Kz

Financial Services Sector

4. December 11, South Florida Sun-Sentinel – (National) Nine South
Floridians charged in $6.6 million stock fraud. Federal prosecutors
unsealed an indictment December 11 charging 9 South Florida residents with
allegedly netting $6.6 million in a fraudulent stock investment scheme
affecting 150 victims through Oxford City Football Club Inc. The group claimed
that the business was profiting millions through its sports, education, media,
and real estate acquisitions. Source: http://www.sun-sentinel.com/news/fl-fraud-oxford-city-20151211-story.html

5. December 11, U.S. Securities and Exchange Commission – (National) SEC: Sports
team offering is a penny stock fraud. Authorities from the U.S. Securities
and Exchange Commission announced December 11 that Oxford City Football Club
Inc., and its chief executive officer were charged for allegedly raising over
$6.5 million from inexperienced investors who were misled to believe that the
Florida-based penny stock company was profiting millions from sports teams,
academic institutions, and real estate holdings through pressure tactics and a
boiler room scheme. Source: http://www.sec.gov/news/pressrelease/2015-278.html

6. December 11, U.S. Department of Justice – (National) Former New York
City corrections officer pleads guilty to multimillion dollar tax refund
conspiracy. A New York resident pleaded guilty December 11 for his role in
a scheme to defraud the Internal Revenue Service (IRS) of more than $3.4
million by submitting fraudulent 1099-OID tax forms. The man worked alongside a
former IRS employee and a third co-conspirator who collected fees from clients
and supplied correspondence containing false claims to send to the agency. Source:
http://www.justice.gov/opa/pr/former-new-york-city-corrections-officer-pleads-guilty-multimillion-dollar-tax-refund

7. December 10, Newark Star-Ledger – (New Jersey) 12 charged in ‘elaborate’ $3M
credit card scheme, AG says. New Jersey officials announced December 9 that
12 foreign nationals and U.S. citizens were charged in connection to a credit
card scheme that stole $3 million by passing bad checks and making fake credit
card payments. The group would create false identities by pairing real Social
Security numbers with phony names and birth dates to open checking accounts and
credit cards online, which they would max out through shell companies. Source: http://www.nj.com/news/index.ssf/2015/12/12_charged_in_elaborate_credit_card_scheme_that_st.html

Information Technology Sector

22. December 14, SecurityWeek – (International) Twitter warns users of state sponsored
hacking. Twitter reported December 14 that its customers’ user names,
Internet Protocol (IP) addresses, phone numbers, and email addresses may have
been compromised after a potential state-sponsored attack on its
systems. Twitter officials advised users to use Tor Project, software
enabling anonymous communication, to protect affected users on social networks. Source: http://www.securityweek.com/twitter-warns-users-state-sponsored-hacking

23. December 12, Softpedia – (International) Malware spread via The Guardian’s Article on
cybercrime. Researchers from FireEye discovered that a report about cybercrime,
hosted on The Guardian’s Web site, had a flaw in one of its links that was
redirecting users to an Angler Exploit Kit installation that would search
targets’ personal computers (PC) for the CVE-2014-6332 flaw, which is a Windows
Object Linking and Embedding (OLE) Automation Remote Code Execution
vulnerability, triggered through VBScript. The Guardian is working to patch the
vulnerability. Source: http://news.softpedia.com/news/malware-spread-via-the-guardian-s-article-on-cybercrime-497519.shtml

24. December 11, Softpedia – (International) FireStorm vulnerability leaves next-gen
enterprise firewalls open to attacks. Security researchers from Bugsec
Group and Cynet reported a vulnerability, dubbed FireStorm, that can exhaust
enterprise-grade firewalls and extract data out of corporate networks via
Transmission Control Protocol (TCP) synchronize (SYN) packets by avoiding a
full TCP connection, allowing the flaw to disguise its connection type, source,
or target from corporate firewalls. Source: http://news.softpedia.com/news/firestorm-vulnerability-leaves-next-gen-enterprise-firewalls-open-to-attacks-497481.shtml

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"